WinZip FileView ActiveX control unsafe method

Added: 11/27/2006
CVE: CVE-2006-5198
BID: 21060
OSVDB: 30433

Background

WinZip includes the FileView ActiveX control, which provides a user interface similar to the file view pane in Windows Explorer.

Problem

The FileView ActiveX control is marked "safe for scripting", so script in a web page loaded in Internet Explorer can call its methods. Several of the exposed methods are unsafe and can be used to execute arbitrary commands.

Resolution

Upgrade to WinZip 10.0 Build 7245 or higher, or to WinZip 11.0 or higher.
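
An added example (not part of the original advisory and not WinZip's code): a Python audit of an exported registry file that lists controls marked safe for scripting and reports whether Internet Explorer's kill bit is set for each. The CLSIDs in the sample are constructed placeholders, not the FileView control's real CLSID, and the check assumes the marking is made through the Implemented Categories registry key rather than through IObjectSafety at run time.

```python
import re

# Well-known category IDs and the IE "kill bit" value of Compatibility Flags.
SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C4B0E}"
SAFE_FOR_INIT = "{7DD95802-9882-11CF-9FA9-00AA006C4B0E}"
KILL_BIT = 0x400
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CAT_KEY = re.compile(rf"\\CLSID\\({GUID})\\Implemented Categories\\({GUID})$", re.I)
COMPAT_KEY = re.compile(rf"\\ActiveX Compatibility\\({GUID})$", re.I)
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample in .reg export format; both CLSIDs are placeholders.
# (regedit writes UTF-16 files: decode them before passing the text in.)
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4B0E}]
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4B0E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400
"""

def audit(reg_text):
    """Map each CLSID marked safe to its scripting/init/killed status."""
    cats, flags, compat = {}, {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, compat = line[1:-1], None
            m = CAT_KEY.search(key)
            if m:
                cats.setdefault(m.group(1).upper(), set()).add(m.group(2).upper())
            m = COMPAT_KEY.search(key)
            if m:
                compat = m.group(1).upper()
        elif compat and FLAGS.match(line):
            flags[compat] = int(FLAGS.match(line).group(1), 16)
    return {clsid: {"scripting": SAFE_FOR_SCRIPTING in c,
                    "init": SAFE_FOR_INIT in c,
                    "killed": bool(flags.get(clsid, 0) & KILL_BIT)}
            for clsid, c in cats.items()
            if SAFE_FOR_SCRIPTING in c or SAFE_FOR_INIT in c}

def exposed(reg_text):
    """CLSIDs that are scriptable from a web page and not blocked by a kill bit."""
    return sorted(k for k, v in audit(reg_text).items()
                  if v["scripting"] and not v["killed"])

if __name__ == "__main__":
    print(exposed(SAMPLE))
```
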

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0247.html

Limitations

The exploit works on WinZip 10.0 Build 6667 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
